Azure firewall ns NSG

HASSAN BIN NASIR DAR 306 Reputation points
2021-07-02T13:03:02.183+00:00

Hi

I read many articles. But could not understand what are the major difference between Azure firewall and NSG. Please tell me with example. thanks

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
662 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 108.8K Reputation points MVP
    2021-07-02T14:59:16.277+00:00

    Hi @HASSAN BIN NASIR DAR ,

    with Azure NSGs you are able to filter network traffic based on the following criteria in the Security Rules:

    • Inbound/Outbound traffic
    • Source IP and Port
    • Destination IP and Port
    • Protocol (TCP/UDP/ICMP/All)
    • Allow/Access

    Source: https://video2.skills-academy.com/en-us/azure/virtual-network/network-security-groups-overview

    In addition to the NSGs the Azure Firewall offers more options:
    Azure Firewall Standard: https://video2.skills-academy.com/en-us/azure/firewall/features
    Azure Firewall Premium: https://video2.skills-academy.com/en-us/azure/firewall/premium-features

    If you need more than simple network traffic control than the NSGs with Security Rules offers the Azure Firewall might be a good option.
    Just keep in mind: An NSG is free of charge. The Azure Firewall costs are based on Tier (Standard/Premium), hours of deployed Firewall and traffic processed.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

  2. HASSAN BIN NASIR DAR 306 Reputation points
    2021-07-06T13:35:21+00:00

    Hi

    Please answer me of these questions.

    1- All NSG features are available in Azure firewall?

    2- If we have some denied rules in NSG but same those rules are allowed in Azure firewall. In this case which rule will apply?

    Regards

    0 comments
  3. Andreas Baumgarten 108.8K Reputation points MVP
    2021-07-06T19:13:42.97+00:00

    Hi @HASSAN BIN NASIR DAR ,

    regarding 1: yes
    regarding 2: "deny" rule will "win"

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    0 comments
  4. HASSAN BIN NASIR DAR 306 Reputation points
    2021-07-06T19:23:05.683+00:00

    Hi

    Its mean NSG rule is stronger than Azure firewall?

    0 comments
  5. Andreas Baumgarten 108.8K Reputation points MVP
    2021-07-07T11:37:47.023+00:00

    Hi @HASSAN BIN NASIR DAR ,

    it's not a matter of "stronger" or "weaker".
    In a combination of different rules in NSG and Firewall a deny rule will block no matter if another rule allows.

    FW - allow + NSG - deny = deny
    FW - deny + NSG - allow = deny
    FW - allow + NSG - allow = allow
    FW - deny + NSG - deny = deny

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.